CompTIA PenTest+ (PT0-001)

Description

This highly hands-on course gives participants experience in network and system penetration testing. It covers all of the exam objectives for the PT0-001 exam while taking the learner step-by-step through hacking and exploiting each network and system type. Tools used in the activities are mostly Kali Linux-based, covering a broad range of real-world examples used by penetration testers and red teams. The PenTest+ certification is a much-sought-after security certification offered by CompTIA. It is the final step in achieving the new CompTIA Network Vulnerability Assessment Professional (CNVP) or Network Security Professional (CNSP) stackable certification.

It is also an intermediary step in achieving the CompTIA Security Infrastructure Expert (CSIE) top level certification. In this course you will learn hands-on penetration testing and hacking skills including: – Client engagement and documentation – Passive and active reconnaissance – Windows, Linux, and mobile device system hacking – Physical security testing and social engineering – Wired and wireless network hacking and exploitation – Network service hacking and exploitation – Application and web app hacking and exploitation – Lateral movement and persistence in a compromised network – Covering your tracks – Report writing and post-test cleanup This course is intended for advanced students and cybersecurity practitioners who will actively test networks and computer systems for vulnerabilities. Successful completion of two pre-requisite courses, Network+ and Security+, is highly recommended.

This comprehensive course contains 26 hours of learning and includes the following 217 videos:

Intro

PenTest+

1.1 PenTest Plus Topics

1.2 PenTest Engagement

1.3 Threat Modeling

1.4 Technical Constraints

1.5 PenTest Engagement Review

1.6 Examining PenTest Engagement Documents Act

2.1 Passive Reconnaissance part1

2.2 WHOIS Act

2.3 Passive Reconnaissance part2

2.4 Google Hacking Act

2.5 Passive Reconnaissance part3

2.6 DNS Querying Act

2.7 Passive Reconnaissance part4

2.8 Email Server Querying Act

2.9 SSL-TLS Cerfificates

2.10 Shodan Act

2.11 The Havester

2.12 TheHarvester Act

2.13 Recon-ng

2.14 Recon-g Act

2.14 Recon-ng-Part-2-API-key Act

2.15 Maltego

2.16 Have I been Pwned

2.17 Punked and Owned Pwned Act

2.18 Fingerprinting Organization with Collected Archives

2.19 FOCA Act

2.20 Findings Analysis Weaponization

2.21 Chp 2 Review

3.1 Active Reconnaissannce

3.2 Discovery Scans Act

3.3 Nmap

3.4 Nmap Scans Types Act

3.5 Nmap Options

3.6 Nmap Options Act

3.7 Stealth Scans

3.8 Nmap Stealth Scans Act

3.9 Full Scans

3.10 Full Scans Act

3.11 Packet Crafting

3.12 Packet Crafting Act

3.13 Network Mapping

3.14 Metasploit

3.15 Scanning with Metasploit Act

3.16 Enumeration

3.17 Banner Grabbing Act

3.18 Windows Host Enumeration

3.19 Winddows Host Enumeration Act

3.20 Linux Host Enumeration

3.21 Linux Host Enumeration Act

3.22 Service Enumeration

3.23 Service Enumeration Act

3.24 Network Shares

3.25 SMB Share Enumeration Act

3.26 NFS Network Share Enumeration

3.27 NFS Share Enumeration Act

3.28 Null Sessions

3.29 Null Sessions Act

3.30 Website Enumeration

3.31 Website Enumeration Act

3.32 Vulnerability Scans

3.33 Compliance Scans Act

3.34 Credentialed Non-credentialed Scans

3.35 Using Credentials in Scans Act

3.36 Server Service Vulnerability Scan

3.37 Vulnerability Scanning Act

3.38 Web Server Database Vulnerability Scan

3.39 SQL Vulnerability Scanning Act

3.40 Vulnerability Scan Part 2 OpenVAS Act

3.41 Web App Vulnerability Scan

3.42 Web App Vulnerability Scanning Act

3.43 Network Device Vulnerability Scan

3.44 Network Device Vuln Scanning Act

3.45 Nmap Scripts

3.46 Using Nmap Scripts for Vuln Scanning Act

3.47 Packet Crafting for Vulnerbility Scans

3.48 Firewall Vulnerability Scans

3.49 Wireless Access Point Vunerability

3.50 Wireless AP Scans Act

3.51 WAP Vulnerability Scans

3.52 Container Security issues

3.53 How to Update Metasploit Pro Expired Trial License

4.1 Physical Security

4.2 Badge Cloning Act

4.3 Physical Security Review

5.1 Social Engineering

5.2 Using Baited USB Stick Act

5.3 Using Social Enginnering to Assist Attacks

5.4 Phishing Act

5.5 Social Engineering Review

6.1 Vulnerbility Scan Analysis

6.2 Validating Vulnerability Scan Results Act

6.3 Vulnerbility Scan Analysis Review

7.1 Password Cracking

7.2 Brute Force Attack Against Network Service Act

7.3 Network Authentication Interception Attack

7.4 Intercepting Network Authentication Act

7.5 Pass the Hash Attacks

7.6 Pass the Hash Act

7.7 Password Cracking Review

8.1 Penetrating Wired Network

8.2 Sniffing Act

8.3 Eavesdropping

8.4 Eavesdropping Act

8.5 ARP Poisoning

8.6 ARP Poisoning Act

8.7 Man In The Middle

8.8 MITM Act

8.9 TCP Session HiJacking

8.10 Server Message Blocks SMB Exploits

8.11 SMB Attack Act

8.12 Web Server Attacks

8.13 FTP Attacks

8.14 Telnet Server Attacks

8.15 SSH Server Attacks

8.16 Simple Network Mgmt Protocol SNMP

8.17 Simple Mail Transfer Protocol SMTP

8.18 Domain Name System DNS Cache Poisoning

8.19 Denail of Service Attack DoS-DDoS

8.20 DoS Attack Act

8.21 VLAN Hopping Review

9.1 Penetrating Wireless Networks

9.2 Jamming Act

9.3 Wireless Sniffing

9.4 Replay Attacks

9.5 WEP Cracking Act

9.6 WPA-WPA2 Cracking

9.7 WAP Cracking Act

9.8 Evil Twin Attacks

9.9 Evil Twin Attack Act

9.10 WiFi Protected Setup

9.11 Bluetooth Attacks

9.12 Penetrating Wireless Networks

10.1 Windows Exploits

10.2 Dumping Stored Passwords Act

10.3 Dictionary Attacks

10.4 Dictionary Attack Against Windows Act

10.5 Rainbow Table Attacks

10.6 Credential Brute Force Attacks

10.7 Keylogging Attack Act

10.8 Windows Kernel

10.9 Kernel Attack Act

10.10 Windows Components

10.11 Memory Vulnerabilities

10.12 Buffer Overflow Attack Act

10.13 Privilegde Escalation in Windows

10.14 Windows Accounts

10.15 Net and WMIC Commands

10.16 Sandboxes

11.1 Linux Exploits

11.2 Exploiting Common Linux Features Act

11.3 Password Cracking in Linux

11.4 Cracking Linux Passwords Act

11.5 Vulnerability Linux

11.6 Priviledge Escalation Linux

11.7 Linux Accounts

11.8 Linux Exploits Review

12.1 Mobile Devices

12.2 Hacking Android Act

12.3 Apple Exploits

12.4 Moblie Devices Review

13.1 Specialized Systems

13.2 Specialized Systems Review

14.1 Scripts

14.2 Powershell

14.3 Python

14.4 Ruby

14.5 Common Scripting Elements

14.6 Scripts Review

14.7 Better Ping Sweep

14.8 Simple Port Scanner2

14.9 Multitarget Port Scanner

14.10 Port Scanner with Nmap

14.11 Scripts Review

15.1 Application Testing

15.2 Reverse Engineering

16.1 Webb App Exploits

16.2 Injection Attacks

16.3 HTML Injection

16.4 SQL Hacking – SQLmap Act

16.5 Cross-Site Attacks

16.6 Cross-Site Request Forgery

16.7 Other Web-based Attacks

16.8 File Inclusion Attacks

16.9 Web Shells

16.10 Web Shells Review

17.1 Lateral Movement

17.2 Lateral Movement with Remote Mgmt Services

17.3 Process Migration Act

17.4 Passing Control Act

17.5 Pivoting

17.6 Tools the Enable Pivoting

17.7 Lateral Movement Review

18.1 Persistence

18.2 Breeding RATS Act

18.3 Bind and Reverse Shells

18.4 Bind Shells Act

18.5 Reverse Shells

18.6 Reverse Shells Act

18.7 Netcat

18.8 Netcat Act

18.9 Scheduled Tasks

18.10 Scheduled Tasks Act

18.11 Services and Domains

18.12 Persistence Review

19.1 Cover Your Tracks

19.2 Cover Your Tracks – Timestomp Files Act

19.3 Cover Your Tracks – Frame the Administrator Act

19.4 Cover Your Tracks – Clear the Event Log Act

19.5 Cover Your Tracks Review

20.1 The Report

20.2 The Report Review

21.1 Post Engagement Cleanup

21.1 Post Engagement Cleanup_1

21.3 Post Engagement Cleanup Review

21.4 PenTest Plus Conclusion.mp4

Outline

CompTIA PenTest+ (Exam PT0-001)Course SyllabusThis highly hands-on course gives participants experience in network and system penetration testing. It covers all of the exam objectives for the PT0-001 exam, while taking the learner step-by-step throughhacking and exploiting each network and system type. Tools used in the activities are mostly Kali Linuxbased,covering a broad range of real-world examples used by penetration testers and red teams. The PenTest+ certification is a much-sought-after security certification offered by CompTIA. It is the final step in achieving the new CompTIA Network Vulnerability Assessment Professional (CNVP) or Network Security Professional (CNSP) stackable certification. It is also an intermediary step in achieving the CompTIA Security Infrastructure Expert (CSIE) top level certification.The topics in this course follow a natural real-world pentest engagement flow, as well as map to the exam objectives.Module 1 – The Pen Test EngagementIn this module, you will learn how to work with a client and prepare for a penetration testing engagement. The topics are:1. Penetration Testing Overview• In this topic, you will learn what a penetration test is, the steps taken to prepare for a pentest, tools used, communicating with the client and your team, and pen testing standards and frameworks.2. Engagement Planning• In this topic, you will learn about the logistics of planning for a pentest engagement including setting scope, determining end goals and deliverables, assessment types, threat modeling, and scheduling.3. Engagement Documents• In this topic, you will learn about documentation required for a professional pentest engagement including contracts, authorizations, rules of engagement, impact analysis, disclaimers, and support resources.4. Prepare to Go Live• In this topic, you will prepare both the client and your team to start the actual test.Module 2 – Passive ReconnaissanceIn this module, you will learn how to gather background information on your target. The topic is:1. OSINT• In this topic, you will learn about passive reconnaissance through open source intelligence gathering, including using websites, social media, Google hacking, DNS querying, and other tools.• Activities include using Whois, Google Hacking Database, theHarvester, Recon-ng, FOCA, dig, nslookup, and Shodan.Module 3 – Active ReconnaissanceIn this module, you will learn how to actively search for targets. The topics are:1. Host Discovery and Port Scanning• In this topic, you will learn about the different tools and methods for discovering target systems and the services they provide.• Activities include using the command line, nmap, and Metasploit.2. Enumeration• In this topic, you will learn how to obtain additional information from network services, Windows and Linux systems, as you prepare to exploit those systems.• Activities include using Windows and Linux command line commands, nmap, netcat, telnet, rpcclient, dirbuster, and Metasploit.3. Vulnerability Scanning• In this topic, you will use different types of scans including packet crafting to discover exploitable vulnerabilities on hosts, websites, network services, and network devices.• Activities include using OpenVAS, nmap NSE scripts, Metasploit Pro, sqlmap, Nikto, MBSA, hping3, airmon-ng, aircrack-ng, Fern Wi-Fi Cracker, mdk3, and Kismet.Module 4 – Physical SecurityIn this module, you will learn how to test physical security controls. The topic is:1. Physical Security Tests• In this topic, you will learn about ways to circumvent physical security controls to gain access to restricted areas.• Activities include RFID badge cloning Module 5 – Social EngineeringIn this topic, you will learn about social engineering. The topic is:1. Social Engineering Attacks• In this topic, you will learn how to execute both technical and non-technical social engineering attacks.• Activities include using msfvenom and Metasploit for USB stick baiting, and the Kali Social Engineering Toolkit for website login cloning, phishing, and credential interception.Module 6 – Vulnerability Scan AnalysisIn this module, you will learn how to examine vulnerability scan results to choose the best exploit against discovered targets. The topic is:1. Vulnerability Scan Results• In this topic, you will learn how to assess vulnerability scan results, weed out false positives, adjudicate and prioritize findings, and map vulnerabilities to exploits. You will also learn about both the value and limits of using automated vulnerability scans in your pentest engagement. • Activities include using Metasploit Pro to validate vulnerability scan findings and determine the appropriate exploit modules that can be used to penetrate the vulnerable systems.Module 7 – Password CrackingIn this module, you will learn the basics of password cracking. The topic is:1. Password Cracking Types• In this topic, you will learn about dictionary, rainbow table, and brute force attacks. You will learn how to brute force network service authentication, intercept a network authentication, and pass-the-hash.• Activities include using Medusa, John-the-Ripper, Wireshark, and Metasploit.NOTE: You will learn additional password cracking techniques in subsequent modules.Module 8 – Penetrating Wired NetworksIn this module, you will learn how to penetrate a wired Ethernet network. The topic is:1. Common Network Exploits• In this topic, you will learn how to sniff wired network activity, intercept file transfers, read transmitted email, conduct Man-in-the-Middle attacks using ARP poisoning, hijack TCP sessions, execute network-based denial-of-service attacks, and exploit common network services.• Activities include using Wireshark, ettercap, Low Orbit Ion Cannon, nmap, the Searchsploit database, gcc, and Metasploit.Module 9 – Penetrating Wireless NetworksIn this module, you will learn how attack wireless networks. The topic is:1. Wireless Network Exploits• In this topic you will learn how to sniff and jam Wi-Fi networks, crack WEP, WPA/WPA2 and WPS, conduct Evil Twin attacks, and attack BlueTooth.• Activities include using Netcut, Wireshark, and airmon-ng, besside-ng, bettercap, and Wi-Fi Pumpkin.Module 10 – Windows ExploitsIn this module, you will learn how to exploit Windows hosts. The topics are:1. Common Windows-Based Vulnerabilities• In this topic you will learn about common Windows vulnerabilities, exploits, and payloads.• Activities include using Metasploit, the Searchsploit database, and command-line commands.2. Password Cracking in Windows• In this topic, you will learn about cracking Windows passwords.• Activities include using Cain & Abel, John-the-Ripper and L0pht 73. Windows Components• In this topic, you will learn how to exploit standard Windows components including default protocols and configurations, the file system, the kernel, and memory. You will also learn how to leverage these components to escalate privilege on a compromised host.• Activities include using Metasploit and the Searchsploit database.4. Windows Accounts• In this topic you will learn how to exploit default and user-defined Windows accounts.• Activities include using Metasploit and command-line commands.5. Sandboxes• In this topic, you will learn about using sandboxing to contain hacking attempts.Module 11 – Linux ExploitsIn this module, you will learn how to hack Linux systems. The topics are:1. Common Linux/Unix-Based Vulnerabilities• In this topic you will learn about common Linux vulnerabilities, exploits, and payloads.• Activities include using Metasploit, the Searchsploit database, and command-line commands.2. Password Cracking in Linux• In this topic you will learn how to crack Linux passwords.• Activities include using command-line commands, unshadow, and John-the-Ripper.3. Vulnerable Linux Components• In this topic, you will learn how to exploit standard Linux components including default protocols and configurations, the file system, the kernel, and memory. You will also learn how to leverage these components to escalate privilege on a compromised host.• Activities include using command-line commands, Metasploit and the Searchsploit database.4. Linux Accounts• In this topic, you will learn how to attack default Linux accounts.• Activities include using Linux bash commands.Module 12 – Mobile DevicesIn this module, you will learn how to attack mobile devices. The topics are:1. Android Exploits• In this topic, you will learn how to exploit common Android vulnerabilities• Activities include using msfvenom and Metasploit to compromise and remotely control an Android phone.2. Apple Exploits• In this topic, you will learn how to exploit common Apple vulnerabilities• Activities include using nmap and WinSCP to access a compromised iPhone.Module 13 – Specialized SystemsIn this module, you will learn about specialized systems. The topics are:1. ICS• In this topic, you will learn about common vulnerabilities of industrial control ICS and SCADA systems2. Embedded Systems• In this topic, you will learn about common vulnerabilities of embedded systems such as point-of-sale and real-time operating systems• Activities include using a Raspberry PI to attack an internal network.3. 13.3 IoT• In this topic, you will learn about common and emerging threats related to the Internet of Things4. 13.4 Hardware Attacks• In this topic, you will learn about additional hardware-based attacks that can be conducted against specialized systems.Module 14 – ScriptsIn this module, you will learn the basics of scripting, as pertains to penetration testing. The topics are:1. Scripting Basics• In this topic, you will learn about the basics of Bash, PowerShell, Python, and Ruby scripting2. Common Scripting Elements• In this topic, you will learn about common scripting elements found in all of the scripting languages including variables, substitution, arrays, operations, logic, and error handling.• Activities include writing simple scripts.Module 15 – Application TestingIn this module you will learn about testing application code for vulnerabilities. The topics are:1. Static Code Analysis• In this topic, you will learn how to analyze static, non-running code2. Dynamic Code Analysis• In this topic, you will learn how to test running code.• Activity includes fuzz testing an application for potential buffer overflow vulnerabilities.3. Reverse Engineering• In this topic, you will learn about application reverse-engineering techniques including de-compilation, disassembly, and debugging.Module 16 – Web App ExploitsIn this module, you will learn how to exploit web apps. The topics are:1. Common Web Application Vulnerabilities• In this topic, you will learn how to exploit authentication, authorization, misconfigurations, browser sessions, and insecure code.2. Injection Attacks• In this topic, you will learn about various injection techniques.• Activities include using a browser, sqlmap, and Metasploit to inject code and SQL commands into a web app form.3. Cross-Site Attacks• In this topic, you will learn how to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.• Activities include using a browser and other tools to perform XSS attacks.4. Other Web-Based Attacks• In this topic, you will learn how to conduct other types of web-based attacks including clickjacking, file inclusion, and webshells.Module 17 – Lateral MovementIn this module, you will learn how to move around in a compromised network. The topic is:1. Lateral Movement Techniques• In this topic, you will learn how to use lateral movement techniques including migrating malicious code to another process, pivoting, and using proxy chains.• Activities include using Metasploit to migrate code and pivot through the target network, and Armitage Team Server to pass control to another attacker.Module 18 – PersistenceIn this module, you will learn how to maintain control of a compromised system. The topics are:1. Persistence Techniques• In this topic, you will learn about common persistence techniques.2. Backdoors• In this topic, you will learn how to plant persistent back doors on a compromised system.• Activities include using ProRAT Trojan builder3. Bind and Reverse Shells• In this topic, you will learn the difference between bind and reverse shells, and when it is appropriate to use either.• Activities include using Metasploit to create bind and reverse connections to a compromised target.4. Netcat• In this topic, you will learn how to use netcat to set up a persistent back door.• Activities include using netcat to launch both bind and reverse shells.5. Scheduled Tasks• In this topic, you will learn how to maintain persistence through scheduled tasks.• Activities include using the task scheduler to regularly launch a netcat session that exfiltrates updated data out of the target and back to the attacker.Module 19 – Cover Your TracksIn this module, you will learn how to remove evidence of your hacking activities. The topic is:1. Anti-forensics Techniques• In this topic, you will learn how to hide malicious activity from a forensic investigator• Activities include clearing logs, changing file timestamps, and impersonating another user when conducting malicious activity.Module 20 – The ReportIn this module, you will learn how to analyze your pentest findings and write a report as the final deliverable for your client. The topics are:1. Data Analysis• In this topic, you will categorize and prioritize the data you have collected during the penetration test.2. Recommendations• In this topic, you will formulate recommendations for the client based on the data you collected during the penetration test.3. Writing the Report• In this topic, you will normalize the data you have collected, and organize it into an actionable report aimed at multiple audiences.4. Handling the Report• In this topic, you will securely hand over the report to your client.• The activity includes examining real world report examples.Module 21 – Post Engagement CleanupIn this module, you will learn about the tasks you must perform after completing a professional penetration test. The topic is:1. Post Engagement Activities• In this topic, you will learn about the cleanup tasks required after a typical pentest engagement, including removing artifacts, client acceptance of the findings, lessons learned, and follow up actions.